Databases are warehouses that organize, store and manage data according to data structures. Data are stored collectively in a database in certain formats, providing data access for a multitude of clients. In order to facilitate multiple clients sharing databases and alleviate the limits imposed by one single database servicing multiple clients, currently a master database will be designated, which is duplicated into multiple slave databases having identical datasets as the master database. Further, techniques separating read operations from write operations are applied to the database system, i.e., a read request from a client (e.g., a query statement executed by the client) is directed to the slave databases; while a write request from the client (e.g., an update statement executed by the client) is directed to the master database.
The present techniques separating read operations from write operations can be implemented as the following. First, a database proxy server receives from a client a communication request for a connection to a slave database, where the request includes a client ID and a client passcode. Based upon the client ID, the database proxy server sends the request to a corresponding slave database. Upon receiving the request, the slave database obtains the client ID and the client passcode from the request, and performs verification of the client. If the client passes the verification, the slave database accordingly establishes a slave database connection with the database proxy server. Subsequently, the database proxy server receives from the client operation requests. If receiving a read request, the database proxy server executes a read operation corresponding to the read request against the slave database directly. If receiving a write request, the database proxy server establishes a master database connection with the master database by use of a public ID and a public passcode, and executes a write operation corresponding to the write request against the master database.
However, with the present techniques to separate read operations and write operations, multiple clients all rely on one common public ID to establish connections with the master database. The public ID has its access permission s set as the super set of all the clients' access permissions. Consequently, some clients can end up performing operations outside of their access permissions configured with the master database, over-extending their access permissions and imposing potential security risks. For example, client A has an original access permission configured as writing to only the A part of the master database. Client B has an original access permission configured as writing to both the A part and the B part of the master database. When client A and client B both utilize a common public ID to establish connections with the master database, the access permission associated with the public ID is set accordingly as writing to both the part A and the part B of the master database. Therefore, client A ends up being able to write to the part B of the database as well.